authorPablo Neira Ayuso <pablo@netfilter.org>2016-06-22 13:18:56 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2016-06-22 19:07:43 +0200
commit1b25bfa4b2f6b14dbee569ff467ea4d495abcc81 (patch)
tree58f38c440a527bb84a1a5d5b26c2be3d17e5b390 /tests/shell/testcases/transactions/0039set_0
parent24c9e993eeff0ed41875aa7efef5dd69db4eb537 (diff)
tests: shell: cover transactions via nft -f using flat syntax
This patch covers transactions using the flat syntax representation, eg. add table x add chain x y { type filter hook forward priority 0; } add chain x y { policy drop; } This also covers things like: add element x whitelist { 1.1.1.1 } delete element x whitelist { 1.1.1.1 } The one above may look silly from a human behaviour point of view, but silly robots may very well behave like this. These tests require several kernel patches though in order to pass successfully. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Acked-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Diffstat (limited to 'tests/shell/testcases/transactions/0039set_0')
-rwxr-xr-xtests/shell/testcases/transactions/0039set_041
1 files changed, 41 insertions, 0 deletions
diff --git a/tests/shell/testcases/transactions/0039set_0 b/tests/shell/testcases/transactions/0039set_0
new file mode 100755
index 00000000..2e36fa31
--- /dev/null
+++ b/tests/shell/testcases/transactions/0039set_0
@@ -0,0 +1,41 @@
+#!/bin/bash
+
+set -e
+
+tmpfile=$(mktemp)
+if [ ! -w $tmpfile ] ; then
+ echo "Failed to create tmp file" >&2
+ exit 0
+fi
+
+trap "rm -rf $tmpfile" EXIT # cleanup if aborted
+
+RULESET="add table x
+add set x y { type ipv4_addr; flags interval;}
+add element x y { 192.168.0.0/24, 192.168.2.0/24 }
+delete element x y { 192.168.0.0/24 }
+delete element x y { 192.168.2.0/24 }
+add element x y { 192.168.4.0/24 }"
+
+echo "$RULESET" > $tmpfile
+$NFT -f $tmpfile
+if [ $? -ne 0 ] ; then
+ echo "E: unable to load good ruleset" >&2
+ exit 1
+fi
+
+EXPECTED="table ip x {
+ set y {
+ type ipv4_addr
+ flags interval
+ elements = { 192.168.4.0/24}
+ }
+}"
+
+GET="$($NFT list ruleset)"
+
+if [ "$EXPECTED" != "$GET" ] ; then
+ DIFF="$(which diff)"
+ [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
+ exit 1
+fi
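Review bot: The `if [ $? -ne 0 ]` check after `$NFT -f $tmpfile` can never fire, because `set -e` at the top aborts the script as soon as that command fails, so the "E: unable to load good ruleset" diagnostic is never printed; folding the call into the condition, `if ! $NFT -f "$tmpfile" ; then`, keeps the message. The temp-file guard ends in `exit 0`, which appears to report a setup failure as a passing test; a non-zero status, or a comment saying the skip is intended, would make that explicit. The trap string expands `$tmpfile` unquoted when the trap is defined, and since this is `rm -rf` in a script that presumably runs privileged to drive nft, `trap 'rm -f -- "$tmpfile"' EXIT` is the more defensive form. The same quoting applies to `[ ! -w $tmpfile ]` and to `[ -x $DIFF ]`, which evaluates true when `which diff` returns nothing.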